Segmentation fault - Radius Accounting
Richard J Palmer
richard at merula.net
Fri Jan 26 14:13:15 CET 2018
Hi there
We have a realm that we are trying to proxy. For auth it works fine...
BUT for accounting it fails.
Running radiusd -X when we get an accounting packet we get the
following:
Ready to process requests
(0) Received Status-Server Id 0 from 217.146.96.41:3799 to
85.158.159.252:1646 length 62
(0) NAS-Identifier = "Constantine.merula.net"
(0) Message-Authenticator = 0x9a68b889142f9146a600a95eff7ef54b
(0) Sent Accounting-Response Id 0 from 85.158.159.252:1646 to
217.146.96.41:3799 length 0
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Accounting-Request Id 194 from 217.146.96.41:3799 to
85.158.159.252:1646 length 192
(1) Acct-Status-Type = Start
(1) Event-Timestamp = "Jan 26 2018 11:47:44 GMT"
(1) Service-Type = Framed-User
(1) Framed-Protocol = PPP
(1) Framed-MTU = 1492
(1) Framed-IP-Address = a.b.c.d
(1) Framed-IP-Netmask = 255.255.255.255
(1) Tunnel-Client-Endpoint:0 = "TEST-END"
(1) User-Name = "01234567890 at myrealm.com"
(1) Calling-Station-Id = "VFC1054807"
(1) Chargeable-User-Identity = "VFC1054807"
(1) NAS-Identifier = "Constantine.merula.net"
(1) Acct-Session-Id = "S600000770120011D13200"
(1) NAS-IP-Address = 5.6.9.8
(1) NAS-Port = 51804
(1) Connect-Info = "1953000/724000"
(1) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(1) preacct {
(1) [preprocess] = ok
(1) policy rewrite_data_sim_users {
(1) if (Calling-Station-Id =~ /(894420000[0-9]{10})/i) {
(1) if (Calling-Station-Id =~ /(894420000[0-9]{10})/i) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy rewrite_data_sim_users = noop
(1) if (!User-Name && Acct-Session-Id && NAS-IP-Address) {
(1) if (!User-Name && Acct-Session-Id && NAS-IP-Address) -> FALSE
(1) policy acct_unique {
(1) update request {
(1) &Tmp-String-9 := "ai:"
(1) } # update request = noop
(1) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(1) EXPAND %{hex:&Class}
(1) -->
(1) EXPAND ^%{hex:&Tmp-String-9}
(1) --> ^61693a
(1) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(1) else {
(1) update request {
(1) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(1) --> e6620fbb47d41aea4969201b45cdb1f3
(1) &Acct-Unique-Session-Id :=
e6620fbb47d41aea4969201b45cdb1f3
(1) } # update request = noop
(1) } # else = noop
(1) } # policy acct_unique = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "myrealm.com" for User-Name =
"01234567890 at myrealm.com"
(1) suffix: Found realm "myrealm.com"
(1) suffix: Adding Realm = "myrealm.com"
(1) suffix: Proxying request from user 01234567890 at myrealm.com to
realm myrealm.com
Segmentation fault
Auth requests that are proxied to the same server. The home server is
another freeradius server.
After some digging I have found the cause - which MAY be of interest
.... in proxy.conf one of the realms was duplicated
With a single instance all is good - but occidentally duplicate and
this is reproducible here.
This is not high prority in any way and was triggered by a config
issue - BUT I thought this might be interesting.
If you need any extra information let me know - I am more than happy
to help
Richard
Richard Palmer | Director | Merula Limited
Company Registered in England and Wales No. 3243995
5 Avro Court, Huntingdon, Cambridgeshire, PE29 6XS
Phone 01480 222940 | Support 0845 330 0666
Support Email support at merula.net
More information about the Freeradius-Users
mailing list